Implantable and wearable medical devices (IWMDs) are used for monitoring, diagnosis, and treatment of an ever-increasing range of medical conditions. Some non-limiting examples of IWMDs include deep brain neuro-stimulators, cochlear implants, pacemakers, gastric implants, and insulin pumps. IWMDs have become increasingly sophisticated over the years and are now commonly equipped with advanced features, such as wireless connectivity. Wireless connectivity can be used for health monitoring, device checkups, manual delivery of therapy, and reprogramming parameters. Healthcare professionals are able to remotely monitor a patient's health and device status through an external device (ED) without requiring the patient to visit their office. Patients may also use their own ED to monitor their health and device status. EDs include but are not limited to mobile devices such as mobile phones, smart phones, or tablet computers, or other processing devices such as personal computers or notebook computers.
While wireless connectivity in IWMDs enables convenient and timely access to medical data, hackers or other adversaries may take advantage of security vulnerabilities to obtain sensitive medical data from IWMDs or even take control of them.
Typically, radio frequency (RF) channels between two wireless devices are secured through the use of cryptographic techniques. Some examples include symmetric or asymmetric key cryptography. However, traditional cryptographic techniques are not directly applicable to IWMDs because IWMDs must be protected from unauthorized access without deterring or delaying healthcare professionals' access to them, particularly when the patient requires immediate medical assistance. Typical security mechanisms do not address this tension, usually favoring resistance to adversaries over the need for easy access in emergencies.
Securing a wireless channel between IWMDs and one or more EDs involves at least the following difficulties. First, only legitimate EDs should be able to activate an RF module in the IWMD and establish a wireless connection to it. If the RF module may be activated by any ED, adversaries may make repeated (possibly invalid) connection requests in order to deplete batteries in the IWMD. This is referred to as a battery drain attack. Second, for resource-constrained IWMDs, asymmetric cryptography is not suitable since it is significantly more expensive (in terms of computation and memory) than symmetric cryptography. Further, establishing a public-key infrastructure (PKI) is not practical due to its required cost and scope. Third, while symmetric cryptography may alleviate some of the computational costs, it requires a secure exchange of a shared secret key between two devices. Therefore, if symmetric cryptography is used, the encryption and decryption algorithms must be implemented efficiently to ensure immediate access from a healthcare professional if necessary.
Thus, there is a need for a secure wireless channel between IWMDs and EDs that enables quick access in the event of emergencies.